Am I the only one who has files like C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_741EA2FAA25CB0***17E539C7045EADF.bat that pop up regularly on users' computers as contained? Is it something standard from the Comodo Endpoint that we could consider as a false positive and put in the exclusion list?
Hi @rbo,
We need to rate the file “C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat” as Trusted from EM Portal
Please follow the provided instructions
Step 1: EM Portal > SECURITY SUB-SYSTEMS > Containment and use the filter from the right for searching this file using:
Step 2: File name as C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat OR
File path as C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat
Step 3: Rate the file as “Trusted”
Please reach us if you still have any issues.
Kind Regards,
PremJK
Hi, thank you. For once I was already aware of the solution; I was just asking support if this file was legitimate or not. Your answer means yes, so I manually trusted it. Question 2: is there a way to receive an email notification when such activity occurs on users' computers, to be proactive?
Issue is back,
added
“C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_*” to the list of trusted apps.
(Settings / System Templates / File groups variables / Trusted applications)
Hi @rbo,
Please check your Inbox for a private message and follow the instructions provided. Please let us know if you still face an issue.
Kind Regards,
PremJK
Hello @rbo,
About your second question:
1- You can create a security events monitor with the condition “Unknown application running inside container”.
2- Change the alert settings of the monitor to be able to get a notification email to the desired email address(es).
3- Then put the monitor under Profiles -> {selected_profile} -> Monitors section.
This way, once an application is contained, you will be able to get notified once an application gets contained.
For more information, please check out https://community.itarian.com/help/topic-459-1-1005-15349-Monitors-for-Windows-Devices.html
Best regards,
Ilgaz
Thank you,
configuration applied, monitoring configured!